Taking on the Fancy Bear hackers: how to negotiate if your data is being held ransom

Read next

The complicated truth about China's social credit system

ByNicole Kobie

In May 2002, he was part of a negotiating team sent to solve a stalemate in the West Bank: Israeli troops had been laying a month-long siege to the Church of Nativity after suspected Palestinian militants had barricaded themselves inside, together with several Franciscan monks. Eventually, the Palestinians accepted to leave the building and be exiled to Europe. Cristal regards that as one of his “defining, formative experiences.”

Today he’s CEO of Nest, a firm providing negotiating skills to whoever finds themselves in a predicament that can be solved with words — from talking to investors to managing union relationships. Increasingly, though, that means harried executives calling Cristal because someone has finagled vital data and is asking for money to return it.

Advertisement

Ransomware can be easily bought on the darknet, which makes these kinds of attacks common: according to security firm Malwarebytes, 40 per cent of companies worldwide have been targeted by it as of August 2016.

When ransomware is involved, Cristal believes negotiation is key in these scenarios. "I strongly believe that managing the human factor is key to overcoming a cyber crisis," he said.

Read next

Collection #1 is the world's biggest data dump. Check your passwords

ByMatt Burgess

He described a situation when he was brought in to negotiate for a financial institution that had been attacked. The hackers involved demanded 500 bitcoins, $120,000 at the time, in exchange for not leaking the information online.

Advertisement

By speaking to the hackers and negotiating with the "bad guys", Cristal explained how he dealt with the scenario. Communication was key, exchanging WhatsApp messages with the hackers to find out their motivations and incentives.

"These are serious, professional people with a criminal code of ethics," he explained.

The next step, Cristal advises, is to carry out a risk assessment, analysing the cost of a no-deal and the damage it would cause to the company. At this stage, it is important to have the backing of shareholders and the board.

"60 per cent of negotiation failures can be attributed to the gap between the negotiator and the decision maker," said Cristal.

Read next

Fortnite has another security flaw and Epic's response wasn't great

By taking the time to communicate with the hackers, and negotiate internally with the board, Cristal explained how these steps allow him to negotiate with time.

"During the month of negotiations, my techies can trace who attacked the system, and find what was actually stolen."

After controlling the time element in his bitcoin and banking example, Cristal then employed a bargain, turning the negotiation into a business deal. He demonstrated how he successfully negotiated the price down and got the hackers to explain how they found the vulnerabilities, so it will never happen to the company in question again.

Cristal likened the seriousness of the situation by explaining the little quirks he uses to carry out negotiations, adding emoji to messages and flattering the hackers to keep them talking. But he drove home the idea that this can happen to anyone.

Advertisement

"This doesn't only happen to financial institutions, we're all exposed," said Cristal. "Six months ago, the daughter of an Indian billionaire posted pictures on Instagram from vacation. Guys hacked the hotel's CCTV and got some 'other' pictures of her and her father had to pay the ransom."

"When you're facing the crisis, at the end of the day it is the human factor that needs to be managed with the technological elements," he advised.

This article was originally published in October 2016 and has been updated ahead of this year's WIRED Security event in London.